
FireEye Did Well to Knock Out Mega-D

The botnet that once accounted for an estimated third of global spam traffic has recently been knocked offline, and the credit goes to researchers at FireEye, a California-based company that makes security products.

After closely analyzing the inner workings of the massive botnet, also known as Ozdok, FireEye staff launched a coordinated takedown of dozens of its command-and-control channels in the first week of November. The channels were used to relay new spamming commands to the mass of zombie machines that make up the network.

According to the M86 Security blog, the spam stopped almost immediately. In 2008, the e-mail security firm had estimated that the botnet was the largest single source of spam until some of its servers were taken down.

Mega-D, a network of hijacked computers, accounted for over 4% of the world's spam, according to M86 Security. Most of the systems that make up Mega-D are infected home PCs.

It is worth noting that Mega-D is one of several botnets that have implemented advanced techniques to ensure that their operators don't lose control of the hacked PCs. The hijackers use command-and-control servers to send instructions to the zombies, such as when to start a spam campaign.

In the case of Mega-D, the compromised PCs look up certain domain names in order to download instructions, wrote FireEye's Atiq Mushtaq on the company's blog, as reported by PCWorld on November 10, 2009.

On the night of November 5, 2009, FireEye began its effort by contacting the ISPs whose systems were acting as command-and-control servers for Mega-D. All but four of the service providers cut off the IP addresses used by Mega-D, the firm said.

Meanwhile, since the McColo case, cybercriminals no longer depend on a single address block to host their command-and-control servers. In addition, most botnets today are equipped with a "fallback" mechanism, so even shutting down the backend servers will not have a long-lasting impact on many present-day botnets.
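As an added example (not code from the article, FireEye or M86), the following Python script shows one defender-side check that follows from the behaviour described above: a bot that has lost its servers and is seeking its fallback control domains tends to look up many distinct names in a short span, most of which do not resolve. The log format, the sample lines, the NXDOMAIN-based heuristic and the thresholds are all assumptions constructed for this example.

```python
"""Flag hosts that cycle through many failing domain lookups in a short window.

Added example, not from the article or from FireEye/M86. It assumes a
constructed resolver log format: one line per query with a timestamp, the
querying host, the queried name and the resolver's response code. The
heuristic is an assumption beyond the article: a bot seeking fallback
control domains asks for many distinct names that do not resolve within a
few minutes, while an ordinary client rarely does.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). Names use the reserved .invalid TLD.
SAMPLE_LOG = """\
2009-11-06T02:14:00 host=10.0.0.5 qname=news.example rcode=NOERROR
2009-11-06T02:14:01 host=10.0.0.9 qname=c2-a.invalid rcode=NXDOMAIN
2009-11-06T02:14:02 host=10.0.0.9 qname=c2-b.invalid rcode=NXDOMAIN
2009-11-06T02:14:03 host=10.0.0.9 qname=c2-c.invalid rcode=NXDOMAIN
2009-11-06T02:14:04 host=10.0.0.9 qname=c2-d.invalid rcode=NXDOMAIN
2009-11-06T02:14:05 host=10.0.0.9 qname=c2-e.invalid rcode=NXDOMAIN
2009-11-06T02:14:06 host=10.0.0.5 qname=typo.invalid rcode=NXDOMAIN
2009-11-06T02:14:07 host=10.0.0.9 qname=c2-a.invalid rcode=NXDOMAIN
2009-11-06T03:30:00 host=10.0.0.5 qname=other.invalid rcode=NXDOMAIN
"""


def parse_line(line):
    """Parse one log line into (timestamp, host, qname, rcode); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        fields = dict(p.split("=", 1) for p in parts[1:])
        return ts, fields["host"], fields["qname"].lower(), fields["rcode"]
    except (ValueError, KeyError):
        return None


def find_fallback_seekers(log_text, window=timedelta(minutes=5), threshold=4):
    """Return {host: sorted distinct failing names} for every host that made at
    least `threshold` distinct NXDOMAIN lookups inside some sliding `window`."""
    failures = defaultdict(list)  # host -> [(timestamp, qname)] for failed lookups
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the scan
        ts, host, qname, rcode = rec
        if rcode == "NXDOMAIN":
            failures[host].append((ts, qname))

    flagged = {}
    for host, fails in failures.items():
        fails.sort()  # chronological order for the sliding window
        start = 0
        for end in range(len(fails)):
            # advance the window start until it spans at most `window`
            while fails[end][0] - fails[start][0] > window:
                start += 1
            distinct_in_window = {q for _, q in fails[start:end + 1]}
            if len(distinct_in_window) >= threshold:
                # report every failing name the host asked for, not just the window
                flagged[host] = sorted({q for _, q in fails})
                break
    return flagged


if __name__ == "__main__":
    for host, names in find_fallback_seekers(SAMPLE_LOG).items():
        print(f"{host}: {len(names)} distinct failing lookups: {', '.join(names)}")
```

On the constructed sample only 10.0.0.9 is reported: it asks for five distinct unresolvable names within seconds, while 10.0.0.5 makes two isolated failing lookups more than an hour apart. In practice the window and threshold need tuning against a baseline of normal resolver traffic, and a hit is a lead for investigation, not proof of infection.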